Signature Detail

HTTP: Movable Type Upgrade Script Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Movable Type. A successful attack can lead to arbitrary code execution.

Extended Description

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.

Affected Products

• sixapart movable_type 4.21
• sixapart movable_type 4.22
• sixapart movable_type 4.23
• sixapart movable_type 4.24
• sixapart movable_type 4.25
• sixapart movable_type 4.26
• sixapart movable_type 4.261
• sixapart movable_type 4.27
• sixapart movable_type 4.28
• sixapart movable_type 4.28 (:enterprise)
• sixapart movable_type 4.28 (:open_source)
• sixapart movable_type 4.29
• sixapart movable_type 4.291
• sixapart movable_type 4.291 (:enterprise)
• sixapart movable_type 4.291 (:open_source)
• sixapart movable_type 4.292
• sixapart movable_type 4.292 (:enterprise)
• sixapart movable_type 4.292 (:open_source)
• sixapart movable_type 4.29 (:enterprise)
• sixapart movable_type 4.29 (:open_source)
• sixapart movable_type 4.31
• sixapart movable_type 4.32
• sixapart movable_type 4.33
• sixapart movable_type 4.34
• sixapart movable_type 4.35
• sixapart movable_type 4.36
• sixapart movable_type 4.361
• sixapart movable_type 4.361 (:open_source)
• sixapart movable_type 4.36 (:open_source)
• sixapart movable_type 4.37
• sixapart movable_type 4.37 (:open_source)
• sixapart movable_type 4.38
• sixapart movable_type 4.38 (:open_source)

References

• CVE: CVE-2013-0209